The Logical Domains Manager uses the Oracle Solaris OS verified boot technology to verify the digital signature of kernel modules at boot time. Signature verification occurs silently unless the verified boot policies are enabled. Depending on the boot-policy value, a guest domain might not boot if the kernel module is not signed with Oracle Solaris release certificate files or is corrupted.
Use the ldm add-domain or ldm set-domain command to specify the values for the boot-policy property. See the ldm(8) man page.
To use this feature, your system must run at least the following versions of the system firmware and operating system:
System firmware – Version 9.5.0 for Oracle SPARC servers except as follows:
  Any released version for SPARC S7, SPARC T8, and SPARC M8 series servers
  Any released version for Fujitsu SPARC M12 servers
  XCP 2280 for Fujitsu M10 servers
Operating system – Oracle Solaris 11.2 OS
Logical Domains Manager 3.4 introduced a new property named boot-policy for Verified Boot. Older versions of Logical Domains Manager do not recognize this property, so the boot-policy property is dropped when a guest is migrated from a system running Logical Domains Manager 3.4 to a system running a version of Logical Domains Manager older than 3.4. When the guest is migrated back to a system running Logical Domains Manager 3.4, the default boot-policy value of warning is applied to the incoming guest.
You must manually set boot-policy to the desired value after migrating the guest back to a system running Logical Domains Manager 3.4 if the default value of warning is not appropriate.
# ldm set-domain boot-policy=none ldg1
Then reboot the guest to make the new boot policy take effect.
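The following script is an added example, not part of the original page or Oracle's own tooling. It compares a boot-policy baseline recorded before migration with the values reported after the guests return, and prints the ldm set-domain commands needed to restore them. The helper name boot_policy_drift, the baseline format, and the pipe-delimited listing layout are assumptions, and both sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not Oracle's code. Emits (does not run) the commands that
# restore boot-policy after a domain has round-tripped through an older
# Logical Domains Manager and come back with the default of "warning".

# Constructed baseline recorded before migration: "<domain> <boot-policy>".
SAMPLE_BASELINE='ldg1 none
ldg2 enforce
ldg3 warning'

# Constructed listing taken after migrating back. ASSUMPTION: pipe-delimited
# records carrying name=... and boot-policy=... tokens; check this layout
# against the parseable output of your own ldm version.
SAMPLE_LISTING='DOMAIN|name=ldg1|state=active
CONTROL|failure-policy=ignore|boot-policy=warning
DOMAIN|name=ldg2|state=active
CONTROL|failure-policy=ignore|boot-policy=warning
DOMAIN|name=ldg3|state=active
CONTROL|failure-policy=ignore|boot-policy=warning'

# boot_policy_drift BASELINE LISTING (hypothetical helper name)
boot_policy_drift() {
    printf '%s\n' "$2" | BASELINE="$1" awk -F'|' '
        BEGIN {                      # load the wanted policy per domain
            n = split(ENVIRON["BASELINE"], rows, "\n")
            for (i = 1; i <= n; i++)
                if (split(rows[i], f, " ") == 2) want[f[1]] = f[2]
        }
        $1 == "DOMAIN" {             # a new domain record starts here
            dom = ""
            for (i = 2; i <= NF; i++)
                if ($i ~ /^name=/) dom = substr($i, 6)
        }
        {                            # remember the policy the domain reports
            for (i = 2; i <= NF; i++)
                if (dom != "" && $i ~ /^boot-policy=/) have[dom] = substr($i, 13)
        }
        END {
            for (d in want) {
                if (!(d in have))
                    printf "# %s: boot-policy not reported\n", d
                else if (have[d] != want[d])
                    printf "ldm set-domain boot-policy=%s %s\n", want[d], d
            }
        }' | LC_ALL=C sort
}

boot_policy_drift "$SAMPLE_BASELINE" "$SAMPLE_LISTING"
```

Review the printed commands before running them, and reboot each changed guest afterward so that the restored policy takes effect.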